Introduction to Web Application Security

This course is available as a one- or two-day workshop. The course is taught using a combination of theory, practical examples, and hands-on training. It is designed to provide an overview of the fundamental principles of Web application security. This session gives students an understanding of:

– How Web applications work
– How vulnerabilities manifest in them
– How hackers find and exploit these vulnerabilities
– Solutions for protecting Web applications

Benefits
– Identify elements that can make a Web application an easy target
– Learn about hackers’ tools and techniques
– Understand how to identify vulnerabilities in Web applications
– Learn how to test and exploit vulnerabilities in your Web applications using freely available tools

Who Should Attend
Anyone interested in identifying vulnerabilities in Web applications (IT staff, managers, system architects, information security professionals, etc.), as well as developers and QA professionals who want to understand Web application vulnerabilities and attack scenarios.

Duration
Available as a one- or two-day workshop

Prerequisites
Be comfortable with Web browsers. Basic HTML familiarity is helpful.

Structure
A combination of theory, practical examples, and hands-on training.

Contact
WhiteHat Security also offers on-site education sessions for groups of 20 or more. Public courses are also available to individuals in cities across the country. To find out more about WhiteHat Education Services course curriculum, contact our corporate office at 408.343.8300.



Course Overview :: Introduction to Web Application Security

Background
Evolution of Web applications, issues with Web applications, Web application vulnerabilities

Technologies
– HTTP protocol
– Hackers’ Toolbox (HTML, JavaScript, AJAX)
– Request / response flow
– Encoding/decoding URLs, character sets, and HTML entities

Anatomy of an Attack
– How people exploit Web applications
– Why you can never trust anything that comes from the client

Top Web Application Attacks & Vulnerabilities (topics vary depending upon duration of course selected – one or two-day)
– Overview of the top Web app vulnerabilities
– How those vulnerabilities were introduced and how they can be avoided
– Concepts, examples, case studies, and scenarios for each class of attack:
   • XSS (Cross Site Scripting)
   • SQL Injection
   • Blind SQL Injection
   • Authentication, Authorization and Session Attacks
   • CSRF (Cross Site Request Forgery)
   • Business Logic Flaws
   • HTTP Response Splitting

Solutions for Protecting Your Applications
– Solutions that can improve the security of your Web application
– Identifying the weaknesses in your Web app
– Remediation

2010 © Copyright  |  WhiteHat Security  |  3003 Bunker Hill Lane, Santa Clara, CA 95054  |  408.343.8300  |  Contact the Webmaster